mkdocs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation (see references/diagrams.md and the swagger-ui example in SKILL.md/references) explicitly shows embedding and loading remote public resources (e.g., , kroki ServerURL=https://kroki.io, and external JS like https://unpkg.com/mermaid/...), which causes MkDocs to fetch and interpret untrusted public content that can change rendered site behavior and tooling, so it exposes the agent to untrusted third‑party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The docs instruct installing the D2 CLI via a remote installer executed directly (curl -fsSL https://d2lang.com/install.sh | sh), which fetches and runs remote code as a required dependency—high risk for arbitrary remote code execution.